ImageMagick - vulnerable?

apps

#1

I was just setting up a Gallery install for one of my sites, and when testing the install of ImageMagick (something you have to do before you can use it in the install) I got this rather worrying message:

ImageMagick 6.2.4

Warning: This version of ImageMagick has known vulnerabilities that could be exploited to execute arbitrary commands or cause a denial of service (references: 1, 2, 3, 4). You may wish to upgrade. This determination may be inaccurate for ImageMagick packages in Linux distributions.

This is the standard /usr/bin installation. Sure I can always compile and run my own copy on my own space, but if that’s the version dreamhost is offering by default, and it’s known to be insecure, should they even be offering it?

Do they even know about this?


hi2u signature (mental powers of funny are lacking tonight, so no amusing sig for yuo!)


#2

[quote]This determination may be inaccurate for ImageMagick packages in Linux distributions[/unquote]
Dreamhost uses linux systems.
Silk

My website


#3

You know, rather than reporting it here, reporting it via the control panel (as a ticket) is probably 1000000x more useful to the rest of us.

Though, as silkrooster suggested, it doesn’t really apply to DH’s setup so you can pretty much just ignore the warning :wink:


#4

Well that’s why I posted on here first - just in case somebody else knew something I didn’t :wink: And looks like I made the right call - if it turns out to be a problem in the future I’ll definitely fire up a ticket to DH. Not worth wasting their time on something which, from the sound of it, is a non-issue for the moment though.

Thanks for your replies guys :slight_smile:


hi2u signature (mental powers of funny are lacking tonight, so no amusing sig for yuo!)